83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869

Analysis

max time kernel
110s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 22:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869N.exe
Size

83KB
MD5

4cc4b719ee9c138ba907a2abb1cd9540
SHA1

43cb19eb8f69912312528db435054706882b242b
SHA256

83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869
SHA512

00d9aa97dd506d10990899e13481aa93f451b2e3519fc98054dd6e30f79e5b02040529383341380cbfbd335f0050b1b9cc6cbab006bab07313622700241c5ae2
SSDEEP

1536:LJaPJpAz869DUxWB+i4OQ4NR2Kk+aSnfZaG8fcaOCzGquSE0cF+xK:LJ0TAz6Mte4A+aaZx8EnCGVux

Score

5^/10

discovery upx

Malware Config

Signatures

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3568-0-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3568-1-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3568-4-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3568-8-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/files/0x0008000000023461-11.dat	upx
behavioral2/memory/3568-13-0x0000000000400000-0x000000000042A000-memory.dmp	upx
behavioral2/memory/3568-21-0x0000000000400000-0x000000000042A000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869N.exe

C:\Users\Admin\AppData\Local\Temp\83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869N.exe
"C:\Users\Admin\AppData\Local\Temp\83acc3b1e417eb75f24afdea1999c7fbe479befc39e32244c7cd0932f09ca869N.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\rifaien2-XRbAuKEBcCKdykSC.exe

Filesize
83KB

MD5
506c893d9809279c2a133c017a5cbc07

SHA1
5f226e462bcd87f7ff10ab5d75bd6bc1f0cc34eb

SHA256
180dac31b6c6651902b73bf814ba00215c56a84caa9c8beffa4ebddabca53a37

SHA512
40387150334272cb66245abf80a74eff00c70015cf03d2e4791fc06b7965bb1963e1731c571a14019808f4cff8d49c30db7498d3d76035600eac23c128caeda8

Download Submit
memory/3568-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3568-1-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3568-4-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3568-8-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3568-13-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/3568-21-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download